X-Git-Url: https://git.octo.it/?a=blobdiff_plain;f=src%2Fliboping.c;h=fc9ed65c63198f081a9e5ecb2b7dc2ab474177a9;hb=4442437848f4d07b91c8ae1512b562299a3e6070;hp=396f489f3d0b1d0d2f9ef382dbfc266f2ea0c189;hpb=2599a5dc9ee489282f799ec6ceb7130c703eab73;p=liboping.git diff --git a/src/liboping.c b/src/liboping.c index 396f489..fc9ed65 100644 --- a/src/liboping.c +++ b/src/liboping.c @@ -298,23 +298,20 @@ static pinghost_t *ping_receive_ipv4 (pingobj_t *obj, char *buffer, buffer += ip_hdr_len; buffer_len -= ip_hdr_len; - if (buffer_len < sizeof (struct icmphdr)) + if (buffer_len < ICMP_MINLEN) return (NULL); icmp_hdr = (struct icmp *) buffer; - buffer += sizeof (struct icmphdr); - buffer_len -= sizeof (struct icmphdr); - if (icmp_hdr->icmp_type != ICMP_ECHOREPLY) { - dprintf ("Unexpected ICMP type: %i\n", icmp_hdr->icmp_type); + dprintf ("Unexpected ICMP type: %"PRIu8"\n", icmp_hdr->icmp_type); return (NULL); } recv_checksum = icmp_hdr->icmp_cksum; + /* This writes to buffer. */ icmp_hdr->icmp_cksum = 0; - calc_checksum = ping_icmp4_checksum ((char *) icmp_hdr, - sizeof (struct icmphdr) + buffer_len); + calc_checksum = ping_icmp4_checksum (buffer, buffer_len); if (recv_checksum != calc_checksum) { @@ -392,12 +389,12 @@ static pinghost_t *ping_receive_ipv6 (pingobj_t *obj, char *buffer, pinghost_t *ptr; - if (buffer_len < sizeof (struct icmp6_hdr)) + if (buffer_len < ICMP_MINLEN) return (NULL); icmp_hdr = (struct icmp6_hdr *) buffer; - buffer += sizeof (struct icmp); - buffer_len -= sizeof (struct icmp); + buffer += ICMP_MINLEN; + buffer_len -= ICMP_MINLEN; if (icmp_hdr->icmp6_type != ICMP6_ECHO_REPLY) { @@ -697,6 +694,7 @@ static int ping_receive_all (pingobj_t *obj) if (!timerisset (ptr->timer)) continue; + assert (ptr->fd < FD_SETSIZE); FD_SET (ptr->fd, &read_fds); FD_SET (ptr->fd, &err_fds); num_fds++; 
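Review bot: After this change `buffer` and `buffer_len` still include the ICMP header for the rest of ping_receive_ipv4, and the `buffer_len < ICMP_MINLEN` check only guarantees the first ICMP_MINLEN bytes behind the `(struct icmp *)` cast. Nothing visible here reads beyond those bytes, but the function continues outside the hunk, so any later use of `buffer` as payload, or of `struct icmp` members past the echo header, would need its own length check. I would record that next to the cast: `/* Only ICMP_MINLEN bytes of *icmp_hdr are known to be present; buffer/buffer_len still cover header + payload. */`. The new `PRIu8` format also needs `<inttypes.h>`, whose include is not visible in this diff.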
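Review bot: `ICMP_MINLEN` is the ICMPv4 minimum-length constant, yet ping_receive_ipv6 now uses it both for the length check and to step over a `struct icmp6_hdr`. The two sizes match on the usual definitions, but the parser's bounds check then rests on that coincidence; `sizeof (*icmp_hdr)` states the intent directly, as in `if (buffer_len < sizeof (*icmp_hdr))` followed by `buffer += sizeof (*icmp_hdr); buffer_len -= sizeof (*icmp_hdr);`. The ping_send_one_ipv6 hunk has the same mix: `buflen` is computed from `sizeof (*icmp6)` while `data` is placed at `buf + ICMP_MINLEN`. The function body continues outside this hunk.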
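Review bot: `assert (ptr->fd < FD_SETSIZE)` disappears when the library is built with NDEBUG, so in such builds an out-of-range descriptor would still reach `FD_SET` and write outside `read_fds`/`err_fds`; in debug builds it aborts the calling process from inside a library. A runtime guard that skips the host keeps both cases defined: `if ((ptr->fd < 0) || (ptr->fd >= FD_SETSIZE)) continue;`. The ping_host_add hunk rejects such descriptors at creation, but whether every other path that sets `ptr->fd` does the same is not visible here. The loop and the rest of ping_receive_all lie outside the hunk.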
@@ -815,29 +813,28 @@ static int ping_send_one_ipv4 (pingobj_t *obj, pinghost_t *ph) struct icmp *icmp4; int status; - char buf[4096]; - int buflen; + char buf[4096] = {0}; + size_t buflen; char *data; - int datalen; + size_t datalen; dprintf ("ph->hostname = %s\n", ph->hostname); - memset (buf, '\0', sizeof (buf)); icmp4 = (struct icmp *) buf; - data = buf + sizeof (struct icmphdr); - - icmp4->icmp_type = ICMP_ECHO; - icmp4->icmp_code = 0; - icmp4->icmp_cksum = 0; - icmp4->icmp_id = htons (ph->ident); - icmp4->icmp_seq = htons (ph->sequence); + *icmp4 = (struct icmp) { + .icmp_type = ICMP_ECHO, + .icmp_id = htons (ph->ident), + .icmp_seq = htons (ph->sequence), + }; - buflen = sizeof(buf) - sizeof (struct icmphdr); - strncpy (data, ph->data, buflen); - datalen = strlen (data); + datalen = strlen (ph->data); + buflen = ICMP_MINLEN + datalen; + if (sizeof (buf) < buflen) + return (EINVAL); - buflen = datalen + sizeof (struct icmphdr); + data = buf + ICMP_MINLEN; + memcpy (data, ph->data, datalen); icmp4->icmp_cksum = ping_icmp4_checksum (buf, buflen); @@ -860,7 +857,7 @@ static int ping_send_one_ipv6 (pingobj_t *obj, pinghost_t *ph) struct icmp6_hdr *icmp6; int status; - char buf[4096]; + char buf[4096] = {0}; int buflen; char *data; 
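Review bot: The new oversize path `return (EINVAL);` leaves ping_send_one_ipv4 without recording the error on `obj`, unlike the ping_host_add hunk, which calls `ping_set_errno`; the same applies to the `return (EINVAL);` in the ping_send_one_ipv6 hunk. Whether callers treat a positive return as failure is not visible in this diff, so I would add `ping_set_errno (obj, EINVAL);` before each return and confirm the caller's check. Separately, `*icmp4 = (struct icmp) { ... }` stores a whole `struct icmp`, which on common platforms extends past ICMP_MINLEN, so it has to stay before the `memcpy` into `data`. A comment such as `/* Must precede the payload copy: this store also zeroes bytes after ICMP_MINLEN. */` would protect that ordering.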
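Review bot: `buflen` stays `int` in ping_send_one_ipv6 while this commit moves ping_send_one_ipv4 to `size_t`, and the next hunk compares it as `sizeof (buf) < buflen` after adding a `strlen` result to it. That mixes signed and unsigned operands in the bounds check that guards the `memcpy`. Declaring `size_t buflen;` (and `size_t datalen;`, whose declaration falls between the two hunks and is not shown) would make the check match the IPv4 version. The function body continues outside this hunk.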
@@ -868,23 +865,22 @@ static int ping_send_one_ipv6 (pingobj_t *obj, pinghost_t *ph) dprintf ("ph->hostname = %s\n", ph->hostname); - memset (buf, '\0', sizeof (buf)); icmp6 = (struct icmp6_hdr *) buf; - data = (char *) (icmp6 + 1); + *icmp6 = (struct icmp6_hdr) { + .icmp6_type = ICMP6_ECHO_REQUEST, + .icmp6_id = htons (ph->ident), + .icmp6_seq = htons (ph->sequence), + }; - icmp6->icmp6_type = ICMP6_ECHO_REQUEST; - icmp6->icmp6_code = 0; - /* The checksum will be calculated by the TCP/IP stack. */ - /* FIXME */ - icmp6->icmp6_cksum = 0; - icmp6->icmp6_id = htons (ph->ident); - icmp6->icmp6_seq = htons (ph->sequence); + datalen = strlen (ph->data); + buflen = sizeof (*icmp6) + datalen; + if (sizeof (buf) < buflen) + return (EINVAL); - buflen = 4096 - sizeof (struct icmp6_hdr); - strncpy (data, ph->data, buflen); - datalen = strlen (data); + data = buf + ICMP_MINLEN; + memcpy (data, ph->data, datalen); - buflen = datalen + sizeof (struct icmp6_hdr); + /* The checksum will be calculated by the TCP/IP stack. */ dprintf ("Sending ICMPv6 package with ID 0x%04x\n", ph->ident); @@ -1486,6 +1482,16 @@ int ping_host_add (pingobj_t *obj, const char *host) ping_set_errno (obj, errno); continue; } + else if (ph->fd >= FD_SETSIZE) + { + dprintf("socket(2) returned file descriptor %d, which is above the file " + "descriptor limit for select(2) (FD_SETSIZE = %d)\n", + ph->fd, FD_SETSIZE); + close(ph->fd); + ph->fd = -1; + ping_set_errno(obj, EMFILE); + continue; + } if (obj->srcaddr != NULL) {
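Review bot: The added branch is written as `dprintf(`, `close(` and `ping_set_errno(`, while the surrounding lines put a space before the parenthesis (`ping_set_errno (obj, errno);`). The debug message also says the descriptor is "above" the limit although the test is `ph->fd >= FD_SETSIZE`, so a descriptor equal to FD_SETSIZE is described inaccurately; "not below" would match the condition. The enclosing loop in ping_host_add starts and ends outside the hunk.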